OpenEBS Control Plane Chaos Experiment Details
Experiment Metadata
Type | Description | Tested K8s Platform |
---|---|---|
OpenEBS | Kill the OpenEBS control plane pods and check if they are rescheduled and healthy | GKE, EKS |
Prerequisites
Ensure that the Litmus Chaos Operator is running by executing
kubectl get pods
in operator namespace (typically,litmus
). If not, install from hereEnsure that the
openebs-control-plane-chaos
experiment resource is available in the cluster by executingkubectl get chaosexperiments
in theopenebs
namespace. If not, install from here
Entry Criteria
- OpenEBS control plane pods are healthy before chaos injection
Exit Criteria
- OpenEBS control plane pods are healthy after chaos injection
Details
- This scenario validates graceful & forced terminations of OpenEBS control plane pods
- List of control plane components killed in this experiment:
- maya-apiserver
- openebs-admission-server
- openebs-localpv-provisioner
- openebs-ndm-operator
- openebs-provisioner
- openebs-snapshot-operator
- openebs-ndm
Integrations
- Pod kill is achieved using either the litmus or powerfulseal chaos libraries.
- The desired lib can be configured using the env variable
LIB
usinglitmus
orpowerfulseal
.
Steps to Execute the Chaos Experiment
This Chaos Experiment can be triggered by creating a ChaosEngine resource on the cluster. To understand the values to be provided in a ChaosEngine specification, refer Getting Started
Follow the steps in the sections below to create the chaosServiceAccount, prepare the ChaosEngine & execute the experiment.
Prepare chaosServiceAccount
Use this sample RBAC manifest to create a chaosServiceAccount in the desired (openebs) namespace. This example consists of the minimum necessary role permissions to execute the experiment.
Sample Rbac Manifest
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: control-plane-sa
namespace: openebs
labels:
name: control-plane-sa
app.kubernetes.io/part-of: litmus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: control-plane-sa
namespace: openebs
labels:
name: control-plane-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: ["","litmuschaos.io","batch","apps"]
resources: ["pods","deployments","pods/log","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: control-plane-sa
namespace: openebs
labels:
name: control-plane-sa
app.kubernetes.io/part-of: litmus
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: control-plane-sa
subjects:
- kind: ServiceAccount
name: control-plane-sa
namespace: openebs
Prepare ChaosEngine
- Provide the application info in
spec.appinfo
- Override the experiment tunables if desired in
experiments.spec.components.env
- To understand the values to provided in a ChaosEngine specification, refer ChaosEngine Concepts
Supported Experiment Tunables
Variables | Description | Specify In ChaosEngine | Notes |
---|---|---|---|
LIB | The chaos library used to inject the chaos | Optional | Defaults to `litmus`. Supported: `litmus, powerfulseal` |
INSTANCE_ID | A user-defined string that holds metadata/info about current run/instance of chaos. Ex: 04-05-2020-9-00. This string is appended as suffix in the chaosresult CR name. | Optional | Ensure that the overall length of the chaosresult CR is still < 64 characters |
Sample ChaosEngine Manifest
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: control-plane-chaos
namespace: openebs
spec:
# It can be active/stop
engineState: 'active'
appinfo:
appns: 'openebs'
applabel: 'name=maya-apiserver'
appkind: 'deployment'
chaosServiceAccount: control-plane-sa
experiments:
- name: openebs-control-plane-chaos
spec:
components:
env:
- name: FORCE
value: ''
Create the ChaosEngine Resource
Create the ChaosEngine manifest prepared in the previous step to trigger the Chaos.
kubectl apply -f chaosengine.yml -n openebs
If the chaos experiment is not executed, refer to the troubleshooting section to identify the root cause and fix the issues.
Watch Chaos progress
View pod terminations by setting up a watch on the pods in the OpenEBS namespace
watch -n 1 kubectl get pods -n openebs
Check Chaos Experiment Result
Check whether the OpenEBS control plane is resilient to the pod failure, once the experiment (job) is completed. The ChaosResult resource naming convention is:
<ChaosEngine-Name>-<ChaosExperiment-Name>
.kubectl describe chaosresult control-plane-chaos-openebs-control-plane-chaos -n openebs
Recovery
- If the verdict of the ChaosResult is
Fail
, and/or the OpenEBS components do not return to healthy state post the chaos experiment, then please refer the OpenEBS troubleshooting guide for more info on how to recover the same.
OpenEBS Control Plane Chaos Demo [TODO]
- A sample recording of this experiment execution is provided here.